Bankerfox.A and Win32/nuqel.e removal

Post by torcasi25 on 2nd March 2010, 3:07 am

I have recently been infected with the bankerfox.a and win32/nuqel.e virus. Looking at other posts of this nature, I saw that it usually started with running OTL.exe and then copying the results. I had to run OTL in safe mode because the virus did not let me open it after I downloaded it. Here are the results of the scan.

OTL logfile created on: 3/1/2010 9:43:26 PM - Run 1
OTL by OldTimer - Version 3.1.32.0 Folder = C:\Users\Dan\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 84.00% Memory free
8.00 Gb Paging File | 8.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 217.16 Gb Total Space | 149.12 Gb Free Space | 68.67% Space Free | Partition Type: NTFS
Drive D: | 15.72 Gb Total Space | 8.06 Gb Free Space | 51.25% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AR24NC15RH3
Current User Name: Dan
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/01 21:35:30 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Downloads\OTL.exe
PRC - [2010/03/01 20:02:20 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/03/01 20:02:19 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/10/21 21:54:46 | 000,640,760 | ---- | M] () -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWWSC.exe


========== Modules (SafeList) ==========

MOD - [2010/03/01 21:35:30 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Downloads\OTL.exe
MOD - [2008/01/20 21:50:03 | 000,450,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2008/01/20 21:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/01/29 23:24:38 | 000,410,624 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV - [2010/03/01 20:02:19 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/12/24 17:02:30 | 000,311,568 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2009/08/24 07:16:12 | 000,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/04/27 17:09:52 | 000,093,960 | ---- | M] (Sling Media Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe -- (SlingAgentService)
SRV - [2008/07/27 13:01:49 | 000,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2007/10/03 17:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/07/27 12:49:46 | 000,119,296 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2007/01/19 14:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/02 08:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 01:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 01:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/07/09 11:16:16 | 000,048,640 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/07/03 09:49:17 | 000,068,640 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:64bit: - [2009/03/19 15:34:18 | 000,029,544 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/01/25 20:46:52 | 000,150,016 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/01/20 21:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 21:47:27 | 000,214,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008/01/20 21:47:27 | 000,168,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo)
DRV:64bit: - [2008/01/20 21:46:57 | 000,286,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2008/01/20 21:46:55 | 000,111,104 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/20 21:46:51 | 000,017,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2008/01/03 22:57:26 | 000,062,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/01/01 19:53:08 | 007,172,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2007/10/31 14:44:38 | 003,197,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys -- (NETw4v64) Intel(R)
DRV:64bit: - [2007/09/30 01:03:32 | 000,384,024 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2007/07/27 12:50:24 | 000,391,680 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2007/07/26 05:00:00 | 000,053,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/05/23 19:47:28 | 000,020,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV:64bit: - [2007/03/22 12:57:14 | 000,007,680 | --S- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\elauni64.sys -- (elaunidr)
DRV:64bit: - [2007/03/22 12:57:12 | 000,042,496 | --S- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\elagop64.sys -- (elagopro)
DRV:64bit: - [2007/03/20 05:33:28 | 000,016,896 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\libusb0.sys -- (libusb0)
DRV:64bit: - [2007/01/29 23:24:06 | 000,009,728 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2006/12/21 23:33:28 | 001,511,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2006/12/21 23:30:50 | 000,300,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2006/12/21 23:29:48 | 000,731,648 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2006/11/17 17:22:06 | 000,297,272 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2006/11/02 02:48:50 | 002,488,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2006/11/02 00:28:10 | 000,273,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2006/10/06 21:13:22 | 000,550,912 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)
DRV:64bit: - [2006/06/19 01:27:24 | 000,017,024 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - [2010/01/06 13:42:56 | 000,037,376 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\libusb0.dll -- (libusb0)
DRV - [2006/09/18 16:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 16:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2006/06/19 01:26:50 | 000,094,208 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\mdmxsdk.dll -- (mdmxsdk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.theprizeday.com/today.php|http://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official\n"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:7
FF - prefs.js..extensions.enabledItems: {C43B9C30-05A9-4A47-8327-D75EF0D6B28F}:1.9.1


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/02/18 20:11:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/02/18 20:11:41 | 000,000,000 | ---D | M]

[2008/11/15 15:08:48 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Mozilla\Extensions
[2010/03/01 19:33:57 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\ce525ayo.default\extensions
[2009/09/03 23:01:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\ce525ayo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/28 19:07:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/06/23 00:35:04 | 000,001,619 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\FFToolbar.xml

O1 HOSTS File: ([2010/02/22 00:03:28 | 000,000,791 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 mystuff.jawbone.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Gateway\traybar.exe (Chicony)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Aim6] C:\Program Files (x86)\AIM6\aim6.exe (AOL LLC)
O4 - HKCU..\Run: [aksldmbm] C:\Users\Dan\AppData\Local\tewlri\rhjdsftav.exe ()
O4 - HKCU..\Run: [asbbulwt] C:\Users\Dan\AppData\Local\iqwrbw\rtvksftav.exe ()
O4 - HKCU..\Run: [bcyhaseb] C:\Users\Dan\AppData\Local\sjveuw\qfwssftav.exe ()
O4 - HKCU..\Run: [bkalkjtg] C:\Users\Dan\AppData\Local\mrmurc\ryeesftav.exe ()
O4 - HKCU..\Run: [ckpwyotb] C:\Users\Dan\AppData\Local\bjlude\rjecsftav.exe ()
O4 - HKCU..\Run: [crnygvnm] C:\Users\Dan\AppData\Local\bgymyq\rfxssftav.exe ()
O4 - HKCU..\Run: [crwypxep] C:\Users\Dan\AppData\Local\qmeiyg\rwaesftav.exe ()
O4 - HKCU..\Run: [dcefehbb] C:\Users\Dan\AppData\Local\rlipsw\qxeasftav.exe ()
O4 - HKCU..\Run: [dcmsmtgm] C:\Users\Dan\AppData\Local\jigrfb\qppgsftav.exe ()
O4 - HKCU..\Run: [dcotoxev] C:\Users\Dan\AppData\Local\hbuegx\qowqsftav.exe ()
O4 - HKCU..\Run: [dcufufkx] C:\Users\Dan\AppData\Local\cfdtsg\qhbnsftav.exe ()
O4 - HKCU..\Run: [dcwgwkih] C:\Users\Dan\AppData\Local\yxrgsd\qgixsftav.exe ()
O4 - HKCU..\Run: [djmuvfxh] C:\Users\Dan\AppData\Local\gxivck\rlqhsftav.exe ()
O4 - HKCU..\Run: [drexwuwj] C:\Users\Dan\AppData\Local\katrya\rovgsftav.exe ()
O4 - HKCU..\Run: [drmxerpd] C:\Users\Dan\AppData\Local\dnkbyt\rgqisftav.exe ()
O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files (x86)\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKCU..\Run: [ebkekywk] C:\Users\Dan\AppData\Local\ogjmrt\qqrqsftav.exe ()
O4 - HKCU..\Run: [ejdhlovm] C:\Users\Dan\AppData\Local\rivioi\ruwpsftav.exe ()
O4 - HKCU..\Run: [ejkhslog] C:\Users\Dan\AppData\Local\lvlqoc\rmsrsftav.exe ()
O4 - HKCU..\Run: [ejlhupmp] C:\Users\Dan\AppData\Local\iobdoy\rlacsftav.exe ()
O4 - HKCU..\Run: [ejtudcqb] C:\Users\Dan\AppData\Local\alxfce\rdlisftav.exe ()
O4 - HKCU..\Run: [fbbqaitp] C:\Users\Dan\AppData\Local\yqwxer\qayysftav.exe ()
O4 - HKCU..\Run: [fbrqqhem] C:\Users\Dan\AppData\Local\jksdeb\qjwmsftav.exe ()
O4 - HKCU..\Run: [ftp] C:\Users\Dan\AppData\Local\Temp\labeshta.DLL File not found
O4 - HKCU..\Run: [Google Update] C:\Users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [iidpkaor] C:\Users\Dan\AppData\Local\bwipxh\rqslsftav.exe ()
O4 - HKCU..\Run: [ipcfsvuu] C:\Users\Dan\AppData\Local\yddbhf\rmdgsftav.exe ()
O4 - HKCU..\Run: [Jzitenan] C:\Users\Dan\AppData\Local\evufiyac.DLL (Sonic Solutions)
O4 - HKCU..\Run: [lwdecnox] C:\Users\Dan\AppData\Local\bkosbu\sdwssftav.exe ()
O4 - HKCU..\Run: [lwnrmeqs] C:\Users\Dan\AppData\Local\pabhov\stpksftav.exe ()
O4 - HKCU..\Run: [mgckhuuf] C:\Users\Dan\AppData\Local\lcnetu\rnxbsftav.exe ()
O4 - HKCU..\Run: [mhuxbnod] C:\Users\Dan\AppData\Local\qxfohm\rvsfsftav.exe ()
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\MSN Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [mvcdbiqn] C:\Users\Dan\AppData\Local\erygax\sepisftav.exe ()
O4 - HKCU..\Run: [mvsdrhak] C:\Users\Dan\AppData\Local\nlulah\smnvsftav.exe ()
O4 - HKCU..\Run: [mwdqbxdf] C:\Users\Dan\AppData\Local\cbhynj\sdgnsftav.exe ()
O4 - HKCU..\Run: [mwudslxt] C:\Users\Dan\AppData\Local\kejwae\smugsftav.exe ()
O4 - HKCU..\Run: [ngskxteb] C:\Users\Dan\AppData\Local\uvijte\rwvpsftav.exe ()
O4 - HKCU..\Run: [nvioglaf] C:\Users\Dan\AppData\Local\bdtklj\swntsftav.exe ()
O4 - HKCU..\Run: [nvjphqxp] C:\Users\Dan\AppData\Local\yviwmg\svuesftav.exe ()
O4 - HKCU..\Run: [nvqoonqj] C:\Users\Dan\AppData\Roaming\rjxgmy\sopgsftav.exe ()
O4 - HKCU..\Run: [nvrcpcdb] C:\Users\Dan\AppData\Roaming\qsfyyk\snglsftav.exe ()
O4 - HKCU..\Run: [ovgnehdv] C:\Users\Dan\AppData\Roaming\ekeylm\sxgjsftav.exe ()
O4 - HKCU..\Run: [ovhbfwon] C:\Users\Dan\AppData\Local\dtlryx\sxwosftav.exe ()
O4 - HKCU..\Run: [ovobmthh] C:\Users\Dan\AppData\Roaming\vhcbxr\spsqsftav.exe ()
O4 - HKCU..\Run: [ovpnnisy] C:\Users\Dan\AppData\Roaming\uqjtld\sojvsftav.exe ()
O4 - HKCU..\Run: [ovxbvuxk] C:\Users\Dan\AppData\Local\mnhvxh\sgucsftav.exe ()
O4 - HKCU..\Run: [pgwhbder] C:\Users\Dan\AppData\Local\wggirh\rqvlsftav.exe ()
O4 - HKCU..\Run: [qfdthklt] C:\Users\Dan\AppData\Local\rkoyep\rjahsftav.exe ()
O4 - HKCU..\Run: [qulliuav] C:\Users\Dan\AppData\Local\dmqjjm\srnpsftav.exe ()
O4 - HKCU..\Run: [rfbffqcr] C:\Users\Dan\AppData\Local\vistph\rkdrsftav.exe ()
O4 - HKCU..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [smxgltyt] C:\Users\Dan\AppData\Local\ymralw\rhpwsftav.exe ()
O4 - HKCU..\Run: [tewpaoww] C:\Users\Dan\AppData\Local\gusqbg\qnrhsftav.exe ()
O4 - HKCU..\Run: [uenpqmgt] C:\Users\Dan\AppData\Roaming\ponuap\qwousftav.exe ()
O4 - HKCU..\Run: [ueubwtnv] C:\Users\Dan\AppData\Local\kswlmx\qotqsftav.exe ()
O4 - HKCU..\Run: [uevcyylf] C:\Users\Dan\AppData\Local\illwnu\qnbbsftav.exe ()
O4 - HKCU..\Run: [umcqoskc] C:\Users\Dan\AppData\Local\yfwrvl\rbgysftav.exe ()
O4 - HKCU..\Run: [umteggfq] C:\Users\Dan\AppData\Local\hiypjh\rkursftav.exe ()
O4 - HKCU..\Run: [uteuyjah] C:\Users\Dan\AppData\Local\tnnisr\svnjsftav.exe ()
O4 - HKCU..\Run: [utmhhves] C:\Users\Dan\AppData\Local\lklkgw\snaqsftav.exe ()
O4 - HKCU..\Run: [vecbergo] C:\Users\Dan\AppData\Local\egmumr\qgossftav.exe ()
O4 - HKCU..\Run: [velbnswr] C:\Users\Dan\AppData\Local\umrpmh\qxrfsftav.exe ()
O4 - HKCU..\Run: [vljduare] C:\Users\Dan\AppData\Local\tjfiit\rtlusftav.exe ()
O4 - HKCU..\Run: [vlsdecih] C:\Users\Dan\AppData\Local\kpkdik\rknhsftav.exe ()
O4 - HKCU..\Run: [vltqfqty] C:\Users\Dan\AppData\Local\jyrwvv\rkemsftav.exe ()
O4 - HKCU..\Run: [vtcgwpqg] C:\Users\Dan\AppData\Local\xlrdfj\swqtsftav.exe ()
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [Xfugaguvim] C:\Users\Dan\AppData\Local\KBDSDMe.DLL (Cyberlink)
O4 - HKCU..\Run: [ydewfviv] C:\Users\Dan\AppData\Local\iwvhjx\qciesftav.exe ()
O4 - HKCU..\Run: [ysuppinb] C:\Users\Dan\AppData\Local\kfcnpl\rbxysftav.exe ()
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\monnid32.exe (TWX Corp.)
O4 - Startup: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netuza32.exe ()
O4 - Startup: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe (Bodog)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.69.188.185 207.69.188.186 207.69.188.187
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\DfLogon: DllName - Reg Error: Key error. - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O24 - Desktop WallPaper: C:\Users\Dan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 19:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/28 20:40:09 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\kejwae
[2010/02/28 20:40:08 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\erygax
[2010/02/28 20:40:07 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\pabhov
[2010/02/28 20:40:06 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\bkosbu
[2010/02/28 20:40:05 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\rjxgmy
[2010/02/28 20:40:05 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\qsfyyk
[2010/02/28 20:40:04 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\mnhvxh
[2010/02/28 20:40:04 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\ekeylm
[2010/02/28 20:40:01 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\qsfyyk
[2010/02/28 20:40:00 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\nlulah
[2010/02/28 20:40:00 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\ekeylm
[2010/02/28 20:40:00 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\cbhynj
[2010/02/28 20:39:58 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\yviwmg
[2010/02/28 20:39:58 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\vhcbxr
[2010/02/28 20:39:58 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\rjxgmy
[2010/02/28 20:39:55 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\uqjtld
[2010/02/28 20:39:52 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\vhcbxr
[2010/02/28 20:39:45 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\lklkgw
[2010/02/28 20:39:43 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\uqjtld
[2010/02/28 20:39:42 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\bdtklj
[2010/02/28 20:39:39 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\dtlryx
[2010/02/28 20:39:35 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\dmqjjm
[2010/02/28 20:39:31 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\tnnisr
[2010/02/28 20:38:53 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\yddbhf
[2010/02/28 20:38:53 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\qmeiyg
[2010/02/28 20:38:53 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\katrya
[2010/02/28 20:38:53 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\bgymyq
[2010/02/28 20:38:52 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\kfcnpl
[2010/02/28 20:38:52 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\iqwrbw
[2010/02/28 20:38:50 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\dnkbyt
[2010/02/28 20:38:48 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\xlrdfj
[2010/02/28 20:35:50 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\alxfce
[2010/02/28 20:35:46 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\bwipxh
[2010/02/28 20:35:44 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\bjlude
[2010/02/28 20:35:37 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\hiypjh
[2010/02/28 20:35:21 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\ymralw
[2010/02/28 20:35:18 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\gxivck
[2010/02/28 20:35:17 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\jyrwvv
[2010/02/28 20:35:15 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\rivioi
[2010/02/28 20:35:14 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\tewlri
[2010/02/28 20:35:10 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\yfwrvl
[2010/02/28 20:35:09 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\tjfiit
[2010/02/28 20:35:07 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\mrmurc
[2010/02/28 20:35:01 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\iobdoy
[2010/02/28 20:34:53 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\kpkdik
[2010/02/28 20:34:32 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\lvlqoc
[2010/02/28 20:33:01 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\qxfohm
[2010/02/28 20:33:00 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\illwnu
[2010/02/28 20:32:52 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\uvijte
[2010/02/28 20:32:50 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\vistph
[2010/02/28 20:32:40 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\lcnetu
[2010/02/28 20:32:31 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\gusqbg
[2010/02/28 20:32:28 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\rkoyep
[2010/02/28 20:32:22 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\wggirh
[2010/02/28 20:31:45 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\ponuap
[2010/02/28 20:31:43 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\umrpmh
[2010/02/28 20:31:42 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\ponuap
[2010/02/28 20:31:42 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\kswlmx
[2010/02/28 20:31:42 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\egmumr
[2010/02/28 20:31:24 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\iwvhjx
[2010/02/28 20:31:01 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\cfdtsg
[2010/02/28 20:30:51 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\sjveuw
[2010/02/28 20:30:44 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\rlipsw
[2010/02/28 20:30:42 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\hbuegx
[2010/02/28 20:30:27 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\yxrgsd
[2010/02/28 20:30:25 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\jigrfb
[2010/02/28 20:25:19 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\ogjmrt
[2010/02/28 20:25:14 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\yqwxer
[2010/02/28 20:25:05 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\jksdeb
[2010/02/28 11:04:56 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010/02/28 11:04:56 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010/02/28 11:04:54 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010/02/28 11:04:54 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010/02/28 11:04:53 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010/02/28 11:04:53 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010/02/28 11:04:52 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdrm.dll
[2010/02/28 11:04:52 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010/02/28 11:04:52 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010/02/22 00:03:36 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\JawboneUpdater
[2010/02/22 00:03:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jawbone
[2010/02/19 23:53:53 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\{C43B9C30-05A9-4A47-8327-D75EF0D6B28F}
[2010/02/18 00:39:01 | 000,028,160 | R-S- | C] (TWX Corp.) -- C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\monnid32.exe
[2010/02/09 20:06:59 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010/02/09 20:06:58 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvfw32.dll
[2010/02/09 20:06:58 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010/02/09 20:06:58 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010/02/09 20:06:58 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avicap32.dll
[2008/01/20 21:49:14 | 000,159,232 | ---- | C] (Sonic Solutions) -- C:\Users\Dan\AppData\Local\evufiyac.dll
[2008/01/20 21:49:14 | 000,152,576 | ---- | C] (Electronic Arts) -- C:\Users\Dan\AppData\Local\ameqeduk.dll
[2008/01/20 21:49:14 | 000,147,456 | ---- | C] (RAD Game Tools, Inc.) -- C:\Users\Dan\AppData\Local\azetokesikomeje.dll
[2008/01/20 21:49:14 | 000,044,032 | ---- | C] (Cyberlink) -- C:\Users\Dan\AppData\Local\KBDSDMe.dll

========== Files - Modified Within 30 Days ==========

[2010/03/01 21:39:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/01 21:38:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/01 21:37:43 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/01 21:37:43 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/01 21:36:47 | 001,835,008 | -HS- | M] () -- C:\Users\Dan\NTUSER.DAT
[2010/03/01 21:36:47 | 000,524,288 | -HS- | M] () -- C:\Users\Dan\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/03/01 21:36:47 | 000,065,536 | -HS- | M] () -- C:\Users\Dan\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/03/01 21:36:40 | 001,850,494 | -H-- | M] () -- C:\Users\Dan\AppData\Local\IconCache.db
[2010/03/01 21:29:10 | 000,002,975 | ---- | M] () -- C:\Users\Dan\AppData\Local\Gwaqoxevokoxaxed.dat
[2010/03/01 21:11:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4102215084-3056600008-2421345224-1004UA.job
[2010/03/01 20:59:34 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/03/01 20:59:34 | 000,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/03/01 20:59:34 | 000,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/03/01 20:51:56 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\ErrorFix Startup.job
[2010/03/01 20:02:25 | 000,015,688 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2010/03/01 19:22:22 | 000,000,000 | ---- | M] () -- C:\Users\Dan\AppData\Local\Fhuvuvekanug.bin
[2010/02/28 21:11:24 | 000,008,224 | ---- | M] () -- C:\Users\Dan\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/28 20:47:03 | 000,316,792 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/02/26 20:11:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4102215084-3056600008-2421345224-1004Core.job
[2010/02/22 00:04:22 | 000,000,846 | ---- | M] () -- C:\Users\Dan\Desktop\Jawbone Updater.lnk
[2010/02/18 00:39:04 | 000,000,024 | ---- | M] () -- C:\Users\Dan\AppData\Roaming\cqfyto.dat
[2010/02/18 00:39:01 | 000,000,012 | ---- | M] () -- C:\Users\Dan\AppData\Roaming\avdrn.dat
[2010/02/18 00:39:00 | 000,028,160 | R-S- | M] (TWX Corp.) -- C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\monnid32.exe
[2010/02/17 00:38:57 | 000,023,040 | R-S- | M] () -- C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netuza32.exe
[2010/02/10 19:12:10 | 000,000,118 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2010/02/09 00:44:11 | 000,000,874 | ---- | M] () -- C:\Users\Public\Desktop\IObit Security 360.lnk
[2010/02/09 00:28:10 | 000,000,020 | ---- | M] () -- C:\Users\Dan\AppData\Roaming\sgcpom.dat

========== Files Created - No Company Name ==========

[2010/03/01 19:29:19 | 000,212,864 | ---- | C] () -- C:\Windows\SysNative\MpSigStub.exe
[2010/02/28 11:08:42 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2010/02/28 11:04:57 | 000,594,944 | ---- | C] () -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/02/28 11:04:57 | 000,594,432 | ---- | C] () -- C:\Windows\SysNative\RMActivate.exe
[2010/02/28 11:04:55 | 000,413,696 | ---- | C] () -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/02/28 11:04:55 | 000,409,600 | ---- | C] () -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/02/28 11:04:53 | 000,535,040 | ---- | C] () -- C:\Windows\SysNative\secproc.dll
[2010/02/28 11:04:53 | 000,534,016 | ---- | C] () -- C:\Windows\SysNative\secproc_isv.dll
[2010/02/28 11:04:52 | 000,457,216 | ---- | C] () -- C:\Windows\SysNative\msdrm.dll
[2010/02/28 11:04:52 | 000,159,232 | ---- | C] () -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/02/28 11:04:52 | 000,158,720 | ---- | C] () -- C:\Windows\SysNative\secproc_ssp.dll
[2010/02/22 00:04:22 | 000,000,846 | ---- | C] () -- C:\Users\Dan\Desktop\Jawbone Updater.lnk
[2010/02/19 23:53:54 | 000,002,975 | ---- | C] () -- C:\Users\Dan\AppData\Local\Gwaqoxevokoxaxed.dat
[2010/02/19 23:53:54 | 000,000,000 | ---- | C] () -- C:\Users\Dan\AppData\Local\Fhuvuvekanug.bin
[2010/02/18 00:39:04 | 000,000,024 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\cqfyto.dat
[2010/02/17 00:38:57 | 000,023,040 | R-S- | C] () -- C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netuza32.exe
[2010/02/10 19:12:10 | 000,000,118 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2010/02/09 20:07:00 | 001,570,816 | ---- | C] () -- C:\Windows\SysNative\quartz.dll
[2010/02/09 20:06:59 | 000,054,272 | ---- | C] () -- C:\Windows\SysNative\iyuv_32.dll
[2010/02/09 20:06:59 | 000,038,400 | ---- | C] () -- C:\Windows\SysNative\msvidc32.dll
[2010/02/09 20:06:59 | 000,025,600 | ---- | C] () -- C:\Windows\SysNative\msyuv.dll
[2010/02/09 20:06:59 | 000,013,824 | ---- | C] () -- C:\Windows\SysNative\tsbyuv.dll
[2010/02/09 20:06:58 | 000,143,360 | ---- | C] () -- C:\Windows\SysNative\msvfw32.dll
[2010/02/09 20:06:58 | 000,108,544 | ---- | C] () -- C:\Windows\SysNative\avifil32.dll
[2010/02/09 20:06:58 | 000,093,184 | ---- | C] () -- C:\Windows\SysNative\mciavi32.dll
[2010/02/09 20:06:58 | 000,076,800 | ---- | C] () -- C:\Windows\SysNative\avicap32.dll
[2010/02/09 20:06:58 | 000,015,872 | ---- | C] () -- C:\Windows\SysNative\msrle32.dll
[2010/02/09 20:06:30 | 000,464,384 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2010/02/09 20:06:30 | 000,141,824 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys
[2010/02/09 20:06:25 | 000,273,408 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2010/02/09 20:06:25 | 000,134,656 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2010/02/09 20:06:22 | 001,418,840 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2010/02/09 20:06:17 | 004,691,032 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2010/02/09 00:28:10 | 000,000,020 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\sgcpom.dat
[2010/02/09 00:28:07 | 000,000,012 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\avdrn.dat
[2009/10/21 22:08:30 | 000,007,094 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009/08/09 10:05:50 | 000,076,407 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\Smiley.ico
[2009/01/27 19:39:08 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/01/27 19:39:08 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2008/10/16 22:41:37 | 000,026,624 | ---- | C] () -- C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/22 23:14:02 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2008/04/08 20:54:44 | 001,953,696 | ---- | C] () -- C:\Windows\SysWow64\igklg400.dll
[2008/04/08 20:54:44 | 001,533,360 | ---- | C] () -- C:\Windows\SysWow64\igklg450.dll
[2008/04/08 20:54:44 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igmedcompkrn.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 21:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
< End of report >

torcasi25
Novice

Posts : 7
Joined : 2010-03-02
OS : windows vista
Points : 24843
# Likes : 0

Re: Bankerfox.A and Win32/nuqel.e removal

Post by torcasi25 on 2nd March 2010, 3:07 am

OTL Extras logfile created on: 3/1/2010 9:43:26 PM - Run 1
OTL by OldTimer - Version 3.1.32.0 Folder = C:\Users\Dan\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 84.00% Memory free
8.00 Gb Paging File | 8.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 217.16 Gb Total Space | 149.12 Gb Free Space | 68.67% Space Free | Partition Type: NTFS
Drive D: | 15.72 Gb Total Space | 8.06 Gb Free Space | 51.25% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AR24NC15RH3
Current User Name: Dan
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07297BBB-F686-4753-BFB3-8B3CE3F21AB8}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1772B6A8-34B1-4C9D-AB7C-B5426F714EE1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{18DDC471-30AD-41E7-ADEF-172BB112D665}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4ED2379A-A113-41A3-8ACF-4F0DE95113C9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5BCCB62F-21D5-421C-B618-D6A255EDA7A3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{61E341BB-FA6D-49D3-8FC4-1418DF46D336}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{77F60A95-2330-4EF1-89B3-9327216D760D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{976B404A-1862-4430-A785-CDBAF45445FD}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A5CD5C31-6884-49B9-BC44-9C401416CA05}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E743676D-DC0F-44E9-B8F4-DA4BB7536DDE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0426E24E-EC79-49D0-BA9A-707B17ED8BC8}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{0B8F9D3A-9E72-4B63-8E42-FFA778342AA6}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{226FFDEC-808F-44DC-ACC9-9CCA59218168}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{2EA59420-A5C7-4E6E-8AE9-B6C052D0400F}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{4CFC7571-2C50-41A9-B0CB-E0A15BF0CE22}" = protocol=17 | dir=in | app=c:\program files (x86)\jawbone\jawboneupdater.exe |
"{626CBFDC-04DD-4E13-9659-E8D8C8233097}" = dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |
"{6708D2E6-975B-44D0-B582-4BDA3D22D16D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7113687C-F8A9-457D-B8B4-B78AA0A5B1AC}" = protocol=6 | dir=in | app=c:\program files (x86)\jawbone\jawboneupdater.exe |
"{7EEEF261-0694-43E2-8419-9AD2477A2B2E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{89C51240-8C24-49DE-ABDA-520C66775ED5}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{8E1BCF27-F80D-48E3-9244-FF2D5F99F592}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{A4954EE2-02F4-4564-8938-2EF8A7E2812E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{C55B852E-FA4D-46E6-A3F6-5134A656F973}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C5B9D7C4-14A6-428B-90BD-C369549F81DE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C97CC293-9529-49EC-A69E-B4C00F8FE9B1}" = dir=in | app=c:\program files (x86)\msn messenger\livecall.exe |
"{D38B8D32-225F-4C61-A36A-83F5CA49C472}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{DB3C7B29-5A50-42A4-B41F-44AA6DC55C1B}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{F65F405B-1762-4C0D-8962-0E01D9A2C2CB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"TCP Query User{B034B245-7FDD-44E7-8A6F-74C955069BB4}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{B7902454-CC61-44D3-B025-153ABBF80393}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{3A25872A-0F1C-4989-9435-96C13230F818}" = Apple Mobile Device Support
"{6F4B9839-F409-4D38-89D6-145321400FED}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000" = HDAUDIO Soft Data Fax Modem with SmartCP
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07D8511D-C9FE-4A93-933F-EAA5C8F20095}" = IDT Audio
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1B602410-D983-4947-98FE-EE749073D15E}" = GamingHarbor Toolbar
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{34FF0741-EC67-4C05-AC2A-6D257123DF2E}" = BigFix
"{39098402-3F7A-4257-A4AE-FC1181D1B40B}" = Camera Assistant Software for Gateway
"{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{63563325-B7B2-4A9A-A7C3-B79CBC624F2A}" = Becker CPA Review CD-ROM Course and PassMaster - 2009 Edition
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
"{83475EE2-08BD-4134-B4F9-F3FA46EDC508}" = Geek Squad 24 Hour Computer Support
"{83A867EF-8D2E-4CAF-A1DD-B3996724CF78}" = ErrorFix
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{00C5525B-3CB3-467D-8100-2E6FB306CD86}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BBF6D0CD-A081-369F-B0B8-F168594CBB6B}" = Google Talk Plugin
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5232150-5F44-4B21-9281-3869C7791B1E}" = SampleTestInstall
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"7-Zip" = 7-Zip 4.57
"AC3Filter" = AC3Filter (remove only)
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_6" = AIM 6
"BitZipper_is1" = BitZipper 5.1
"Bodog Poker_is1" = Bodog Poker Version 2.16.1.52
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0032)
"GamingHarbor Toolbar" = GamingHarbor Toolbar
"GSpot" = GSpot Codec Information Appliance
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"IObit Security 360_is1" = IObit Security 360
"Jawbone Updater" = Jawbone Updater
"jZip" = jZip
"LimeWire" = LimeWire 4.18.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Money2007b" = Microsoft Money Essentials
"Mozilla Firefox (3.0.18)" = Mozilla Firefox (3.0.18)
"NSS" = Norton Security Scan
"SolveigMM WMP Trimmer Plugin" = SolveigMM WMP Trimmer Plugin
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6f
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/11/2010 10:33:16 PM | Computer Name = AR24NC15RH3 | Source = Windows Search Service | ID = 3013
Description =

Error - 2/11/2010 10:33:17 PM | Computer Name = AR24NC15RH3 | Source = Windows Search Service | ID = 3013
Description =

Error - 2/11/2010 10:33:17 PM | Computer Name = AR24NC15RH3 | Source = Windows Search Service | ID = 3013
Description =

Error - 2/11/2010 10:33:22 PM | Computer Name = AR24NC15RH3 | Source = Windows Search Service | ID = 3013
Description =

Error - 2/13/2010 2:27:15 AM | Computer Name = AR24NC15RH3 | Source = WinMgmt | ID = 10
Description =

Error - 2/13/2010 2:27:50 AM | Computer Name = AR24NC15RH3 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll".
Dependent
Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/14/2010 4:46:00 PM | Computer Name = AR24NC15RH3 | Source = WinMgmt | ID = 10
Description =

Error - 2/14/2010 4:46:27 PM | Computer Name = AR24NC15RH3 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll".
Dependent
Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/14/2010 6:46:07 PM | Computer Name = AR24NC15RH3 | Source = WinMgmt | ID = 10
Description =

Error - 2/14/2010 6:46:38 PM | Computer Name = AR24NC15RH3 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll".
Dependent
Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ Media Center Events ]
Error - 10/11/2009 10:42:04 PM | Computer Name = AR24NC15RH3 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/12/2009 11:55:09 PM | Computer Name = AR24NC15RH3 | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 3/1/2010 12:50:20 AM | Computer Name = AR24NC15RH3 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 3/1/2010 9:51:35 PM | Computer Name = AR24NC15RH3 | Source = HTTP | ID = 15016
Description =

Error - 3/1/2010 10:15:29 PM | Computer Name = AR24NC15RH3 | Source = DCOM | ID = 10010
Description =

Error - 3/1/2010 10:37:41 PM | Computer Name = AR24NC15RH3 | Source = HTTP | ID = 15016
Description =

Error - 3/1/2010 10:39:46 PM | Computer Name = AR24NC15RH3 | Source = Service Control Manager | ID = 7001
Description =

Error - 3/1/2010 10:39:46 PM | Computer Name = AR24NC15RH3 | Source = Service Control Manager | ID = 7026
Description =

Error - 3/1/2010 10:39:53 PM | Computer Name = AR24NC15RH3 | Source = DCOM | ID = 10005
Description =

Error - 3/1/2010 10:40:01 PM | Computer Name = AR24NC15RH3 | Source = DCOM | ID = 10005
Description =

Error - 3/1/2010 10:40:03 PM | Computer Name = AR24NC15RH3 | Source = DCOM | ID = 10005
Description =

Error - 3/1/2010 10:40:04 PM | Computer Name = AR24NC15RH3 | Source = DCOM | ID = 10005
Description =

Error - 3/1/2010 10:40:10 PM | Computer Name = AR24NC15RH3 | Source = DCOM | ID = 10005
Description =


< End of report >

Re: Bankerfox.A and Win32/nuqel.e removal

Post by Dr Jay on 2nd March 2010, 7:33 am

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy).


    :otl
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    O4 - HKCU..\Run: [aksldmbm] C:\Users\Dan\AppData\Local\tewlri\rhjdsftav.exe ()
    O4 - HKCU..\Run: [asbbulwt] C:\Users\Dan\AppData\Local\iqwrbw\rtvksftav.exe ()
    O4 - HKCU..\Run: [bcyhaseb] C:\Users\Dan\AppData\Local\sjveuw\qfwssftav.exe ()
    O4 - HKCU..\Run: [bkalkjtg] C:\Users\Dan\AppData\Local\mrmurc\ryeesftav.exe ()
    O4 - HKCU..\Run: [ckpwyotb] C:\Users\Dan\AppData\Local\bjlude\rjecsftav.exe ()
    O4 - HKCU..\Run: [crnygvnm] C:\Users\Dan\AppData\Local\bgymyq\rfxssftav.exe ()
    O4 - HKCU..\Run: [crwypxep] C:\Users\Dan\AppData\Local\qmeiyg\rwaesftav.exe ()
    O4 - HKCU..\Run: [dcefehbb] C:\Users\Dan\AppData\Local\rlipsw\qxeasftav.exe ()
    O4 - HKCU..\Run: [dcmsmtgm] C:\Users\Dan\AppData\Local\jigrfb\qppgsftav.exe ()
    O4 - HKCU..\Run: [dcotoxev] C:\Users\Dan\AppData\Local\hbuegx\qowqsftav.exe ()
    O4 - HKCU..\Run: [dcufufkx] C:\Users\Dan\AppData\Local\cfdtsg\qhbnsftav.exe ()
    O4 - HKCU..\Run: [dcwgwkih] C:\Users\Dan\AppData\Local\yxrgsd\qgixsftav.exe ()
    O4 - HKCU..\Run: [djmuvfxh] C:\Users\Dan\AppData\Local\gxivck\rlqhsftav.exe ()
    O4 - HKCU..\Run: [drexwuwj] C:\Users\Dan\AppData\Local\katrya\rovgsftav.exe ()
    O4 - HKCU..\Run: [drmxerpd] C:\Users\Dan\AppData\Local\dnkbyt\rgqisftav.exe ()
    O4 - HKCU..\Run: [ebkekywk] C:\Users\Dan\AppData\Local\ogjmrt\qqrqsftav.exe ()
    O4 - HKCU..\Run: [ejdhlovm] C:\Users\Dan\AppData\Local\rivioi\ruwpsftav.exe ()
    O4 - HKCU..\Run: [ejkhslog] C:\Users\Dan\AppData\Local\lvlqoc\rmsrsftav.exe ()
    O4 - HKCU..\Run: [ejlhupmp] C:\Users\Dan\AppData\Local\iobdoy\rlacsftav.exe ()
    O4 - HKCU..\Run: [ejtudcqb] C:\Users\Dan\AppData\Local\alxfce\rdlisftav.exe ()
    O4 - HKCU..\Run: [fbbqaitp] C:\Users\Dan\AppData\Local\yqwxer\qayysftav.exe ()
    O4 - HKCU..\Run: [fbrqqhem] C:\Users\Dan\AppData\Local\jksdeb\qjwmsftav.exe ()
    O4 - HKCU..\Run: [ftp] C:\Users\Dan\AppData\Local\Temp\labeshta.DLL File not found
    O4 - HKCU..\Run: [iidpkaor] C:\Users\Dan\AppData\Local\bwipxh\rqslsftav.exe ()
    O4 - HKCU..\Run: [ipcfsvuu] C:\Users\Dan\AppData\Local\yddbhf\rmdgsftav.exe ()
    O4 - HKCU..\Run: [Jzitenan] C:\Users\Dan\AppData\Local\evufiyac.DLL (Sonic Solutions)
    O4 - HKCU..\Run: [lwdecnox] C:\Users\Dan\AppData\Local\bkosbu\sdwssftav.exe ()
    O4 - HKCU..\Run: [lwnrmeqs] C:\Users\Dan\AppData\Local\pabhov\stpksftav.exe ()
    O4 - HKCU..\Run: [mgckhuuf] C:\Users\Dan\AppData\Local\lcnetu\rnxbsftav.exe ()
    O4 - HKCU..\Run: [mhuxbnod] C:\Users\Dan\AppData\Local\qxfohm\rvsfsftav.exe ()
    O4 - HKCU..\Run: [mvcdbiqn] C:\Users\Dan\AppData\Local\erygax\sepisftav.exe ()
    O4 - HKCU..\Run: [mvsdrhak] C:\Users\Dan\AppData\Local\nlulah\smnvsftav.exe ()
    O4 - HKCU..\Run: [mwdqbxdf] C:\Users\Dan\AppData\Local\cbhynj\sdgnsftav.exe ()
    O4 - HKCU..\Run: [mwudslxt] C:\Users\Dan\AppData\Local\kejwae\smugsftav.exe ()
    O4 - HKCU..\Run: [ngskxteb] C:\Users\Dan\AppData\Local\uvijte\rwvpsftav.exe ()
    O4 - HKCU..\Run: [nvioglaf] C:\Users\Dan\AppData\Local\bdtklj\swntsftav.exe ()
    O4 - HKCU..\Run: [nvjphqxp] C:\Users\Dan\AppData\Local\yviwmg\svuesftav.exe ()
    O4 - HKCU..\Run: [nvqoonqj] C:\Users\Dan\AppData\Roaming\rjxgmy\sopgsftav.exe ()
    O4 - HKCU..\Run: [nvrcpcdb] C:\Users\Dan\AppData\Roaming\qsfyyk\snglsftav.exe ()
    O4 - HKCU..\Run: [ovgnehdv] C:\Users\Dan\AppData\Roaming\ekeylm\sxgjsftav.exe ()
    O4 - HKCU..\Run: [ovhbfwon] C:\Users\Dan\AppData\Local\dtlryx\sxwosftav.exe ()
    O4 - HKCU..\Run: [ovobmthh] C:\Users\Dan\AppData\Roaming\vhcbxr\spsqsftav.exe ()
    O4 - HKCU..\Run: [ovpnnisy] C:\Users\Dan\AppData\Roaming\uqjtld\sojvsftav.exe ()
    O4 - HKCU..\Run: [ovxbvuxk] C:\Users\Dan\AppData\Local\mnhvxh\sgucsftav.exe ()
    O4 - HKCU..\Run: [pgwhbder] C:\Users\Dan\AppData\Local\wggirh\rqvlsftav.exe ()
    O4 - HKCU..\Run: [qfdthklt] C:\Users\Dan\AppData\Local\rkoyep\rjahsftav.exe ()
    O4 - HKCU..\Run: [qulliuav] C:\Users\Dan\AppData\Local\dmqjjm\srnpsftav.exe ()
    O4 - HKCU..\Run: [rfbffqcr] C:\Users\Dan\AppData\Local\vistph\rkdrsftav.exe ()
    O4 - HKCU..\Run: [smxgltyt] C:\Users\Dan\AppData\Local\ymralw\rhpwsftav.exe ()
    O4 - HKCU..\Run: [tewpaoww] C:\Users\Dan\AppData\Local\gusqbg\qnrhsftav.exe ()
    O4 - HKCU..\Run: [uenpqmgt] C:\Users\Dan\AppData\Roaming\ponuap\qwousftav.exe ()
    O4 - HKCU..\Run: [ueubwtnv] C:\Users\Dan\AppData\Local\kswlmx\qotqsftav.exe ()
    O4 - HKCU..\Run: [uevcyylf] C:\Users\Dan\AppData\Local\illwnu\qnbbsftav.exe ()
    O4 - HKCU..\Run: [umcqoskc] C:\Users\Dan\AppData\Local\yfwrvl\rbgysftav.exe ()
    O4 - HKCU..\Run: [umteggfq] C:\Users\Dan\AppData\Local\hiypjh\rkursftav.exe ()
    O4 - HKCU..\Run: [uteuyjah] C:\Users\Dan\AppData\Local\tnnisr\svnjsftav.exe ()
    O4 - HKCU..\Run: [utmhhves] C:\Users\Dan\AppData\Local\lklkgw\snaqsftav.exe ()
    O4 - HKCU..\Run: [vecbergo] C:\Users\Dan\AppData\Local\egmumr\qgossftav.exe ()
    O4 - HKCU..\Run: [velbnswr] C:\Users\Dan\AppData\Local\umrpmh\qxrfsftav.exe ()
    O4 - HKCU..\Run: [vljduare] C:\Users\Dan\AppData\Local\tjfiit\rtlusftav.exe ()
    O4 - HKCU..\Run: [vlsdecih] C:\Users\Dan\AppData\Local\kpkdik\rknhsftav.exe ()
    O4 - HKCU..\Run: [vltqfqty] C:\Users\Dan\AppData\Local\jyrwvv\rkemsftav.exe ()
    O4 - HKCU..\Run: [vtcgwpqg] C:\Users\Dan\AppData\Local\xlrdfj\swqtsftav.exe ()
    O4 - HKCU..\Run: [Xfugaguvim] C:\Users\Dan\AppData\Local\KBDSDMe.DLL (Cyberlink)
    O4 - HKCU..\Run: [ydewfviv] C:\Users\Dan\AppData\Local\iwvhjx\qciesftav.exe ()
    O4 - HKCU..\Run: [ysuppinb] C:\Users\Dan\AppData\Local\kfcnpl\rbxysftav.exe ()
    O4 - Startup: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\monnid32.exe (TWX Corp.)
    O4 - Startup: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netuza32.exe ()
    [2010/02/28 20:40:09 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\kejwae
    [2010/02/28 20:40:08 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\erygax
    [2010/02/28 20:40:07 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\pabhov
    [2010/02/28 20:40:06 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\bkosbu
    [2010/02/28 20:40:05 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\rjxgmy
    [2010/02/28 20:40:05 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\qsfyyk
    [2010/02/28 20:40:04 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\mnhvxh
    [2010/02/28 20:40:04 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\ekeylm
    [2010/02/28 20:40:01 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\qsfyyk
    [2010/02/28 20:40:00 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\nlulah
    [2010/02/28 20:40:00 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\ekeylm
    [2010/02/28 20:40:00 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\cbhynj
    [2010/02/28 20:39:58 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\yviwmg
    [2010/02/28 20:39:58 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\vhcbxr
    [2010/02/28 20:39:58 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\rjxgmy
    [2010/02/28 20:39:55 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\uqjtld
    [2010/02/28 20:39:52 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\vhcbxr
    [2010/02/28 20:39:45 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\lklkgw
    [2010/02/28 20:39:43 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\uqjtld
    [2010/02/28 20:39:42 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\bdtklj
    [2010/02/28 20:39:39 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\dtlryx
    [2010/02/28 20:39:35 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\dmqjjm
    [2010/02/28 20:39:31 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\tnnisr
    [2010/02/28 20:38:53 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\yddbhf
    [2010/02/28 20:38:53 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\qmeiyg
    [2010/02/28 20:38:53 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\katrya
    [2010/02/28 20:38:53 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\bgymyq
    [2010/02/28 20:38:52 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\kfcnpl
    [2010/02/28 20:38:52 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\iqwrbw
    [2010/02/28 20:38:50 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\dnkbyt
    [2010/02/28 20:38:48 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\xlrdfj
    [2010/02/28 20:35:50 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\alxfce
    [2010/02/28 20:35:46 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\bwipxh
    [2010/02/28 20:35:44 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\bjlude
    [2010/02/28 20:35:37 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\hiypjh
    [2010/02/28 20:35:21 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\ymralw
    [2010/02/28 20:35:18 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\gxivck
    [2010/02/28 20:35:17 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\jyrwvv
    [2010/02/28 20:35:15 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\rivioi
    [2010/02/28 20:35:14 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\tewlri
    [2010/02/28 20:35:10 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\yfwrvl
    [2010/02/28 20:35:09 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\tjfiit
    [2010/02/28 20:35:07 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\mrmurc
    [2010/02/28 20:35:01 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\iobdoy
    [2010/02/28 20:34:53 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\kpkdik
    [2010/02/28 20:34:32 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\lvlqoc
    [2010/02/28 20:33:01 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\qxfohm
    [2010/02/28 20:33:00 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\illwnu
    [2010/02/28 20:32:52 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\uvijte
    [2010/02/28 20:32:50 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\vistph
    [2010/02/28 20:32:40 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\lcnetu
    [2010/02/28 20:32:31 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\gusqbg
    [2010/02/28 20:32:28 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\rkoyep
    [2010/02/28 20:32:22 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\wggirh
    [2010/02/28 20:31:45 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\ponuap
    [2010/02/28 20:31:43 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\umrpmh
    [2010/02/28 20:31:42 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\ponuap
    [2010/02/28 20:31:42 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\kswlmx
    [2010/02/28 20:31:42 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\egmumr
    [2010/02/28 20:31:24 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\iwvhjx
    [2010/02/28 20:31:01 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\cfdtsg
    [2010/02/28 20:30:51 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\sjveuw
    [2010/02/28 20:30:44 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\rlipsw
    [2010/02/28 20:30:42 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\hbuegx
    [2010/02/28 20:30:27 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\yxrgsd
    [2010/02/28 20:30:25 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\jigrfb
    [2010/02/28 20:25:19 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\ogjmrt
    [2010/02/28 20:25:14 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\yqwxer
    [2010/02/28 20:25:05 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\jksdeb
    [2010/03/01 21:29:10 | 000,002,975 | ---- | M] () -- C:\Users\Dan\AppData\Local\Gwaqoxevokoxaxed.dat
    [2010/03/01 19:22:22 | 000,000,000 | ---- | M] () -- C:\Users\Dan\AppData\Local\Fhuvuvekanug.bin
    [2010/02/18 00:39:04 | 000,000,024 | ---- | M] () -- C:\Users\Dan\AppData\Roaming\cqfyto.dat
    [2010/02/18 00:39:01 | 000,000,012 | ---- | M] () -- C:\Users\Dan\AppData\Roaming\avdrn.dat
    [2010/02/18 00:39:00 | 000,028,160 | R-S- | M] (TWX Corp.) -- C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\monnid32.exe
    [2010/02/17 00:38:57 | 000,023,040 | R-S- | M] () -- C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netuza32.exe


  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

===

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].
Alternate link: [You must be registered and logged in to see this link.].
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply as well as the OTL fix log.


Dr. Jay (DJ)



Dr Jay
Head Administrator
Posts: 14309
Joined: 2009-09-06
Gender: Male
OS: Windows 10 Home & Pro
Arch.: x64 (64-bit)
Protection: Bitdefender Total Security
Points: 302970
Likes: 10


Re: Bankerfox.A and Win32/nuqel.e removal

Post by torcasi25 on 3rd March 2010, 4:44 am

When I try to run the fix in OTL it freezes up and I have to end it by using the Task Manager. Does it matter that I am doing all of this in safe mode, because I cannot get on OTL in regular mode? Please advise.

torcasi25
Novice
Posts: 7
Joined: 2010-03-02
OS: windows vista
Points: 24843
Likes: 0


Re: Bankerfox.A and Win32/nuqel.e removal

Post by Dr Jay on 3rd March 2010, 5:26 am

It freezes because of too much information. Try little bits at a time. Like, do 10 lines, then 10 more lines, etc.

After each time, a new log launches; save the information from all of them into one document, such as in Notepad, so I may see if it all was deleted.


Dr. Jay (DJ)



Dr Jay
Head Administrator
Posts: 14309
Joined: 2009-09-06
Gender: Male
OS: Windows 10 Home & Pro
Arch.: x64 (64-bit)
Protection: Bitdefender Total Security
Points: 302970
Likes: 10

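Dr Jay's fix script above targets three things: an IE proxy redirected to a loopback listener (http=127.0.0.1:5555, the classic banker-trojan traffic interception), dozens of HKCU Run values pointing at publisher-less executables in random-named AppData folders (plus one dangling entry and DLLs registered directly as Run values), and two executables dropped in the user's Startup folder. His follow-up advice is to feed OTL the fix about ten lines at a time so it does not stall. The Python below is an added example, not code from this thread, from OTL or from OldTimer: it applies those same heuristics to OTL-style log lines and splits whatever it flags into small `:otl` batches. The sample input is constructed from lines in this thread plus one invented benign HKLM entry for contrast (`ExampleUpdater` and `ExampleCo` are made up); the scoring rules are my own heuristics, not OTL's.

```python
import re
from dataclasses import dataclass

# Constructed sample input: the IE proxy lines, four O4 Run entries and both
# Startup items are copied from the fix script in this thread; the HKLM
# "ExampleUpdater" line is invented as a benign control (ExampleCo is not real).
SAMPLE_LOG = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files (x86)\ExampleCo\updater.exe (ExampleCo Ltd.)
O4 - HKCU..\Run: [aksldmbm] C:\Users\Dan\AppData\Local\tewlri\rhjdsftav.exe ()
O4 - HKCU..\Run: [ftp] C:\Users\Dan\AppData\Local\Temp\labeshta.DLL File not found
O4 - HKCU..\Run: [Jzitenan] C:\Users\Dan\AppData\Local\evufiyac.DLL (Sonic Solutions)
O4 - HKCU..\Run: [nvqoonqj] C:\Users\Dan\AppData\Roaming\rjxgmy\sopgsftav.exe ()
O4 - Startup: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\monnid32.exe (TWX Corp.)
O4 - Startup: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netuza32.exe ()
"""

# Line shapes as OTL prints them: IE proxy values, O4 Run values, O4 Startup items.
PROXY_RE = re.compile(r'^IE - HKCU\\.*\\Internet Settings: "(?P<key>\w+)" =\s*(?P<value>.*)$')
RUN_RE = re.compile(
    r'^O4 - (?P<hive>HKCU|HKLM)\.\.\\Run: \[(?P<name>[^\]]+)\] '
    r'(?P<path>.+?\.(?:exe|dll))(?: (?P<vendor>\(.*\)|File not found))?$',
    re.IGNORECASE)
STARTUP_RE = re.compile(
    r'^O4 - Startup: (?P<path>.+?\.(?:exe|dll))(?: (?P<vendor>\(.*\)))?$', re.IGNORECASE)
APPDATA_RE = re.compile(r'\\AppData\\(?:Local|Roaming)\\', re.IGNORECASE)
# A bare run of 5-8 lowercase letters directly under AppData\Local or \Roaming:
# the naming pattern every dropped folder in this thread follows (heuristic).
RANDOM_DIR_RE = re.compile(r'\\AppData\\(?:Local|Roaming)\\[a-z]{5,8}\\[^\\]+$')


@dataclass
class Finding:
    line: str
    reasons: list


def _autorun_reasons(path, vendor, startup_item):
    """Heuristic reasons an autorun entry deserves a second look."""
    reasons = []
    if vendor is not None and vendor.lower() == 'file not found':
        reasons.append('autorun target missing on disk (dangling entry)')
    elif APPDATA_RE.search(path) and vendor in (None, '()'):
        reasons.append('autorun target under AppData with no publisher')
    if RANDOM_DIR_RE.search(path):
        reasons.append('target sits in a random-looking AppData folder')
    if path.lower().endswith('.dll'):
        reasons.append('Run value points directly at a DLL')
    if startup_item:
        reasons.append('user Startup folder item; verify the publisher by hand')
    return reasons


def triage(log_text):
    """Return a Finding for every OTL line that trips at least one rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = []
        m = PROXY_RE.match(line)
        if m:
            # Only a proxy aimed at the local machine is flagged; ProxyEnable alone is not.
            if m['key'].lower() == 'proxyserver' and re.search(r'127\.0\.0\.1|localhost', m['value'], re.I):
                reasons.append('IE proxy points at a loopback listener (local traffic interception)')
        else:
            m = RUN_RE.match(line)
            if m:
                reasons = _autorun_reasons(m['path'], m['vendor'], startup_item=False)
            else:
                m = STARTUP_RE.match(line)
                if m:
                    reasons = _autorun_reasons(m['path'], m['vendor'], startup_item=True)
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


def fix_batches(findings, size=10):
    """Group flagged lines into ':otl' scripts of at most `size` lines each,
    mirroring the advice to run the fix a few lines at a time."""
    lines = [f.line for f in findings]
    return [':otl\n' + '\n'.join(lines[i:i + size]) for i in range(0, len(lines), size)]


if __name__ == '__main__':
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f.line)
        for r in f.reasons:
            print('    -', r)
    for n, script in enumerate(fix_batches(found, size=10), 1):
        print(f'\n--- fix batch {n} ---\n{script}')
```

Run against the sample, the two benign lines (ProxyEnable on its own and the invented HKLM entry) pass, while the loopback proxy, the four AppData Run values and both Startup items are flagged. Note that monnid32.exe is only caught by the "Startup folder item" rule because it carries a publisher string, which is why a script like this is a first pass for an analyst rather than a replacement for reading the log.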

Re: Bankerfox.A and Win32/nuqel.e removal

Post by torcasi25 on 5th March 2010, 5:24 am

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

OTL by OldTimer - Version 3.1.32.0 log created on 03052010_000943
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\aksldmbm deleted successfully.
C:\Users\Dan\AppData\Local\tewlri\rhjdsftav.exe moved successfully.

OTL by OldTimer - Version 3.1.32.0 log created on 03052010_001338
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\asbbulwt deleted successfully.
C:\Users\Dan\AppData\Local\iqwrbw\rtvksftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\bcyhaseb deleted successfully.
C:\Users\Dan\AppData\Local\sjveuw\qfwssftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\bkalkjtg deleted successfully.
C:\Users\Dan\AppData\Local\mrmurc\ryeesftav.exe moved successfully.

OTL by OldTimer - Version 3.1.32.0 log created on 03052010_001443
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ckpwyotb deleted successfully.
C:\Users\Dan\AppData\Local\bjlude\rjecsftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\crnygvnm deleted successfully.
C:\Users\Dan\AppData\Local\bgymyq\rfxssftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\crwypxep deleted successfully.
C:\Users\Dan\AppData\Local\qmeiyg\rwaesftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dcefehbb deleted successfully.
C:\Users\Dan\AppData\Local\rlipsw\qxeasftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dcmsmtgm deleted successfully.
C:\Users\Dan\AppData\Local\jigrfb\qppgsftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dcotoxev deleted successfully.
C:\Users\Dan\AppData\Local\hbuegx\qowqsftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dcufufkx deleted successfully.
C:\Users\Dan\AppData\Local\cfdtsg\qhbnsftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dcwgwkih deleted successfully.
C:\Users\Dan\AppData\Local\yxrgsd\qgixsftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\djmuvfxh deleted successfully.
C:\Users\Dan\AppData\Local\gxivck\rlqhsftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\drexwuwj deleted successfully.
C:\Users\Dan\AppData\Local\katrya\rovgsftav.exe moved successfully.

OTL by OldTimer - Version 3.1.32.0 log created on 03052010_001527
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\drmxerpd deleted successfully.
C:\Users\Dan\AppData\Local\dnkbyt\rgqisftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ebkekywk deleted successfully.
C:\Users\Dan\AppData\Local\ogjmrt\qqrqsftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ejdhlovm deleted successfully.
C:\Users\Dan\AppData\Local\rivioi\ruwpsftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ejkhslog deleted successfully.
C:\Users\Dan\AppData\Local\lvlqoc\rmsrsftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ejlhupmp deleted successfully.
C:\Users\Dan\AppData\Local\iobdoy\rlacsftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ejtudcqb deleted successfully.
C:\Users\Dan\AppData\Local\alxfce\rdlisftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\fbbqaitp deleted successfully.
C:\Users\Dan\AppData\Local\yqwxer\qayysftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\fbrqqhem deleted successfully.
C:\Users\Dan\AppData\Local\jksdeb\qjwmsftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ftp deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\iidpkaor deleted successfully.
C:\Users\Dan\AppData\Local\bwipxh\rqslsftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ipcfsvuu deleted successfully.
C:\Users\Dan\AppData\Local\yddbhf\rmdgsftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Jzitenan deleted successfully.
C:\Users\Dan\AppData\Local\evufiyac.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\lwdecnox deleted successfully.
C:\Users\Dan\AppData\Local\bkosbu\sdwssftav.exe moved successfully.

OTL by OldTimer - Version 3.1.32.0 log created on 03052010_001750
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\lwnrmeqs deleted successfully.
C:\Users\Dan\AppData\Local\pabhov\stpksftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\mgckhuuf deleted successfully.
C:\Users\Dan\AppData\Local\lcnetu\rnxbsftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\mhuxbnod deleted successfully.
C:\Users\Dan\AppData\Local\qxfohm\rvsfsftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\mvcdbiqn deleted successfully.
C:\Users\Dan\AppData\Local\erygax\sepisftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\mvsdrhak deleted successfully.
C:\Users\Dan\AppData\Local\nlulah\smnvsftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\mwdqbxdf deleted successfully.
C:\Users\Dan\AppData\Local\cbhynj\sdgnsftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\mwudslxt deleted successfully.
C:\Users\Dan\AppData\Local\kejwae\smugsftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ngskxteb deleted successfully.
C:\Users\Dan\AppData\Local\uvijte\rwvpsftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\nvioglaf deleted successfully.
C:\Users\Dan\AppData\Local\bdtklj\swntsftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\nvjphqxp deleted successfully.
C:\Users\Dan\AppData\Local\yviwmg\svuesftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\nvqoonqj deleted successfully.
C:\Users\Dan\AppData\Roaming\rjxgmy\sopgsftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\nvrcpcdb deleted successfully.
C:\Users\Dan\AppData\Roaming\qsfyyk\snglsftav.exe moved successfully.

OTL by OldTimer - Version 3.1.32.0 log created on 03052010_001836
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ovgnehdv deleted successfully.
C:\Users\Dan\AppData\Roaming\ekeylm\sxgjsftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ovhbfwon deleted successfully.
C:\Users\Dan\AppData\Local\dtlryx\sxwosftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ovobmthh deleted successfully.
C:\Users\Dan\AppData\Roaming\vhcbxr\spsqsftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ovpnnisy deleted successfully.
C:\Users\Dan\AppData\Roaming\uqjtld\sojvsftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ovxbvuxk deleted successfully.
C:\Users\Dan\AppData\Local\mnhvxh\sgucsftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\pgwhbder deleted successfully.
C:\Users\Dan\AppData\Local\wggirh\rqvlsftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\qfdthklt deleted successfully.
C:\Users\Dan\AppData\Local\rkoyep\rjahsftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\qulliuav deleted successfully.
C:\Users\Dan\AppData\Local\dmqjjm\srnpsftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\rfbffqcr deleted successfully.
C:\Users\Dan\AppData\Local\vistph\rkdrsftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\smxgltyt deleted successfully.
C:\Users\Dan\AppData\Local\ymralw\rhpwsftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\tewpaoww deleted successfully.
C:\Users\Dan\AppData\Local\gusqbg\qnrhsftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uenpqmgt deleted successfully.
C:\Users\Dan\AppData\Roaming\ponuap\qwousftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ueubwtnv deleted successfully.
C:\Users\Dan\AppData\Local\kswlmx\qotqsftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uevcyylf deleted successfully.
C:\Users\Dan\AppData\Local\illwnu\qnbbsftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\umcqoskc deleted successfully.
C:\Users\Dan\AppData\Local\yfwrvl\rbgysftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\umteggfq deleted successfully.
C:\Users\Dan\AppData\Local\hiypjh\rkursftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uteuyjah deleted successfully.
C:\Users\Dan\AppData\Local\tnnisr\svnjsftav.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\utmhhves deleted successfully.
========== OTL ==========
C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\monnid32.exe moved successfully.
C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netuza32.exe moved successfully.
C:\Users\Dan\AppData\Local\kejwae folder moved successfully.
C:\Users\Dan\AppData\Local\erygax folder moved successfully.
C:\Users\Dan\AppData\Local\pabhov folder moved successfully.

OTL by OldTimer - Version 3.1.32.0 log created on 03052010_002025
C:\Users\Dan\AppData\Local\bkosbu folder moved successfully.
C:\Users\Dan\AppData\Roaming\rjxgmy folder moved successfully.
C:\Users\Dan\AppData\Roaming\qsfyyk folder moved successfully.
C:\Users\Dan\AppData\Local\mnhvxh folder moved successfully.
C:\Users\Dan\AppData\Roaming\ekeylm folder moved successfully.
C:\Users\Dan\AppData\Local\qsfyyk folder moved successfully.
C:\Users\Dan\AppData\Local\nlulah folder moved successfully.
C:\Users\Dan\AppData\Local\ekeylm folder moved successfully.
C:\Users\Dan\AppData\Local\cbhynj folder moved successfully.
C:\Users\Dan\AppData\Local\yviwmg folder moved successfully.
C:\Users\Dan\AppData\Roaming\vhcbxr folder moved successfully.
C:\Users\Dan\AppData\Local\rjxgmy folder moved successfully.
C:\Users\Dan\AppData\Roaming\uqjtld folder moved successfully.
C:\Users\Dan\AppData\Local\vhcbxr folder moved successfully.
C:\Users\Dan\AppData\Local\lklkgw folder moved successfully.
C:\Users\Dan\AppData\Local\uqjtld folder moved successfully.
C:\Users\Dan\AppData\Local\bdtklj folder moved successfully.
C:\Users\Dan\AppData\Local\dtlryx folder moved successfully.
C:\Users\Dan\AppData\Local\dmqjjm folder moved successfully.
C:\Users\Dan\AppData\Local\tnnisr folder moved successfully.
C:\Users\Dan\AppData\Local\yddbhf folder moved successfully.
C:\Users\Dan\AppData\Local\qmeiyg folder moved successfully.
C:\Users\Dan\AppData\Local\katrya folder moved successfully.
C:\Users\Dan\AppData\Local\bgymyq folder moved successfully.
C:\Users\Dan\AppData\Local\kfcnpl folder moved successfully.
C:\Users\Dan\AppData\Local\iqwrbw folder moved successfully.
C:\Users\Dan\AppData\Local\dnkbyt folder moved successfully.
C:\Users\Dan\AppData\Local\xlrdfj folder moved successfully.
C:\Users\Dan\AppData\Local\alxfce folder moved successfully.
C:\Users\Dan\AppData\Local\bwipxh folder moved successfully.
C:\Users\Dan\AppData\Local\bjlude folder moved successfully.
C:\Users\Dan\AppData\Local\hiypjh folder moved successfully.
C:\Users\Dan\AppData\Local\ymralw folder moved successfully.
C:\Users\Dan\AppData\Local\gxivck folder moved successfully.
C:\Users\Dan\AppData\Local\jyrwvv folder moved successfully.
C:\Users\Dan\AppData\Local\rivioi folder moved successfully.
C:\Users\Dan\AppData\Local\tewlri folder moved successfully.
C:\Users\Dan\AppData\Local\yfwrvl folder moved successfully.
C:\Users\Dan\AppData\Local\tjfiit folder moved successfully.
C:\Users\Dan\AppData\Local\mrmurc folder moved successfully.
C:\Users\Dan\AppData\Local\iobdoy folder moved successfully.
C:\Users\Dan\AppData\Local\kpkdik folder moved successfully.
C:\Users\Dan\AppData\Local\lvlqoc folder moved successfully.
C:\Users\Dan\AppData\Local\qxfohm folder moved successfully.
C:\Users\Dan\AppData\Local\illwnu folder moved successfully.
C:\Users\Dan\AppData\Local\uvijte folder moved successfully.
C:\Users\Dan\AppData\Local\vistph folder moved successfully.
C:\Users\Dan\AppData\Local\lcnetu folder moved successfully.
C:\Users\Dan\AppData\Local\gusqbg folder moved successfully.
C:\Users\Dan\AppData\Local\rkoyep folder moved successfully.
C:\Users\Dan\AppData\Local\wggirh folder moved successfully.
C:\Users\Dan\AppData\Roaming\ponuap folder moved successfully.
C:\Users\Dan\AppData\Local\umrpmh folder moved successfully.
C:\Users\Dan\AppData\Local\ponuap folder moved successfully.
C:\Users\Dan\AppData\Local\kswlmx folder moved successfully.
C:\Users\Dan\AppData\Local\egmumr folder moved successfully.
C:\Users\Dan\AppData\Local\iwvhjx folder moved successfully.
C:\Users\Dan\AppData\Local\cfdtsg folder moved successfully.
C:\Users\Dan\AppData\Local\sjveuw folder moved successfully.
C:\Users\Dan\AppData\Local\rlipsw folder moved successfully.
C:\Users\Dan\AppData\Local\hbuegx folder moved successfully.

OTL by OldTimer - Version 3.1.32.0 log created on 03052010_002131
========== OTL ==========
C:\Users\Dan\AppData\Local\yxrgsd folder moved successfully.
C:\Users\Dan\AppData\Local\jigrfb folder moved successfully.
C:\Users\Dan\AppData\Local\ogjmrt folder moved successfully.
C:\Users\Dan\AppData\Local\yqwxer folder moved successfully.
C:\Users\Dan\AppData\Local\jksdeb folder moved successfully.
C:\Users\Dan\AppData\Local\Gwaqoxevokoxaxed.dat moved successfully.
C:\Users\Dan\AppData\Local\Fhuvuvekanug.bin moved successfully.
C:\Users\Dan\AppData\Roaming\cqfyto.dat moved successfully.
C:\Users\Dan\AppData\Roaming\avdrn.dat moved successfully.
File C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\monnid32.exe not found.
File C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netuza32.exe not found.

OTL by OldTimer - Version 3.1.32.0 log created on 03052010_002224

torcasi25
Novice
Posts: 7
Joined: 2010-03-02
OS: windows vista
Points: 24843
Likes: 0


Re: Bankerfox.A and Win32/nuqel.e removal

Post by torcasi25 on 5th March 2010, 12:07 pm

Malwarebytes' Anti-Malware 1.44
Database version: 3825
Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 7.0.6001.18000

3/5/2010 7:06:45 AM
mbam-log-2010-03-05 (07-06-45).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 288312
Time elapsed: 50 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 78

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\ProgramData\{AAAE891E-DC50-4DD4-A79D-C19DDB94E30E}\OFFLINE\mFileBagIDE.dll\bag\stbterm.exe (Adware.ColorSoft) -> Quarantined and deleted successfully.
C:\Users\Dan\AppData\Local\Temp\e.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Dan\AppData\Local\Temp\~TMD695.tmp (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Users\Dan\AppData\Local\Temp\~TMD6B5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Dan\AppData\Local\Temp\~TMEBF6.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Dan\AppData\Local\Temp\~TMF98D.tmp (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Users\Dan\Downloads\downloadadwarepro.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001338\C_Users\Dan\AppData\Local\tewlri\rhjdsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001443\C_Users\Dan\AppData\Local\iqwrbw\rtvksftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001443\C_Users\Dan\AppData\Local\mrmurc\ryeesftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001443\C_Users\Dan\AppData\Local\sjveuw\qfwssftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001527\C_Users\Dan\AppData\Local\bgymyq\rfxssftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001527\C_Users\Dan\AppData\Local\bjlude\rjecsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001527\C_Users\Dan\AppData\Local\cfdtsg\qhbnsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001527\C_Users\Dan\AppData\Local\gxivck\rlqhsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001527\C_Users\Dan\AppData\Local\hbuegx\qowqsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001527\C_Users\Dan\AppData\Local\jigrfb\qppgsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001527\C_Users\Dan\AppData\Local\katrya\rovgsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001527\C_Users\Dan\AppData\Local\qmeiyg\rwaesftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001527\C_Users\Dan\AppData\Local\rlipsw\qxeasftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001527\C_Users\Dan\AppData\Local\yxrgsd\qgixsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001750\C_Users\Dan\AppData\Local\alxfce\rdlisftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001750\C_Users\Dan\AppData\Local\bkosbu\sdwssftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001750\C_Users\Dan\AppData\Local\bwipxh\rqslsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001750\C_Users\Dan\AppData\Local\dnkbyt\rgqisftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001750\C_Users\Dan\AppData\Local\iobdoy\rlacsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001750\C_Users\Dan\AppData\Local\jksdeb\qjwmsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001750\C_Users\Dan\AppData\Local\lvlqoc\rmsrsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001750\C_Users\Dan\AppData\Local\ogjmrt\qqrqsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001750\C_Users\Dan\AppData\Local\rivioi\ruwpsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001750\C_Users\Dan\AppData\Local\yddbhf\rmdgsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001750\C_Users\Dan\AppData\Local\yqwxer\qayysftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001836\C_Users\Dan\AppData\Local\bdtklj\swntsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001836\C_Users\Dan\AppData\Local\cbhynj\sdgnsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001836\C_Users\Dan\AppData\Local\erygax\sepisftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001836\C_Users\Dan\AppData\Local\kejwae\smugsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001836\C_Users\Dan\AppData\Local\lcnetu\rnxbsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001836\C_Users\Dan\AppData\Local\nlulah\smnvsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001836\C_Users\Dan\AppData\Local\pabhov\stpksftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001836\C_Users\Dan\AppData\Local\qxfohm\rvsfsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001836\C_Users\Dan\AppData\Local\uvijte\rwvpsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001836\C_Users\Dan\AppData\Local\yviwmg\svuesftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001836\C_Users\Dan\AppData\Roaming\qsfyyk\snglsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001836\C_Users\Dan\AppData\Roaming\rjxgmy\sopgsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001931\C_Users\Dan\AppData\Local\KBDSDMe.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001931\C_Users\Dan\AppData\Local\dmqjjm\srnpsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001931\C_Users\Dan\AppData\Local\dtlryx\sxwosftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001931\C_Users\Dan\AppData\Local\egmumr\qgossftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001931\C_Users\Dan\AppData\Local\gusqbg\qnrhsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001931\C_Users\Dan\AppData\Local\hiypjh\rkursftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001931\C_Users\Dan\AppData\Local\illwnu\qnbbsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001931\C_Users\Dan\AppData\Local\iwvhjx\qciesftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001931\C_Users\Dan\AppData\Local\jyrwvv\rkemsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001931\C_Users\Dan\AppData\Local\kfcnpl\rbxysftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001931\C_Users\Dan\AppData\Local\kpkdik\rknhsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001931\C_Users\Dan\AppData\Local\kswlmx\qotqsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001931\C_Users\Dan\AppData\Local\lklkgw\snaqsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001931\C_Users\Dan\AppData\Local\mnhvxh\sgucsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001931\C_Users\Dan\AppData\Local\rkoyep\rjahsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001931\C_Users\Dan\AppData\Local\tjfiit\rtlusftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001931\C_Users\Dan\AppData\Local\tnnisr\svnjsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001931\C_Users\Dan\AppData\Local\umrpmh\qxrfsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001931\C_Users\Dan\AppData\Local\vistph\rkdrsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001931\C_Users\Dan\AppData\Local\wggirh\rqvlsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001931\C_Users\Dan\AppData\Local\xlrdfj\swqtsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001931\C_Users\Dan\AppData\Local\yfwrvl\rbgysftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001931\C_Users\Dan\AppData\Local\ymralw\rhpwsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001931\C_Users\Dan\AppData\Roaming\ekeylm\sxgjsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001931\C_Users\Dan\AppData\Roaming\ponuap\qwousftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001931\C_Users\Dan\AppData\Roaming\uqjtld\sojvsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_001931\C_Users\Dan\AppData\Roaming\vhcbxr\spsqsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_002025\C_Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\monnid32.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_002131\C_Users\Dan\AppData\Local\ekeylm\sxgjsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_002131\C_Users\Dan\AppData\Local\ponuap\qwousftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_002131\C_Users\Dan\AppData\Local\qsfyyk\snglsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_002131\C_Users\Dan\AppData\Local\rjxgmy\sopgsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_002131\C_Users\Dan\AppData\Local\uqjtld\sojvsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03052010_002131\C_Users\Dan\AppData\Local\vhcbxr\spsqsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Re: Bankerfox.A and Win32/nuqel.e removal

Post by Dr Jay on 5th March 2010, 3:23 pm

Now, please re-run OTL and post a new log.


Dr. Jay (DJ)

Re: Bankerfox.A and Win32/nuqel.e removal

Post by dssslave on 5th March 2010, 7:19 pm

Moderated Message: Hello, your comment has been removed. Please do not post in another member's topic. If you need help, please read [You must be registered and logged in to see this link.] over and [You must be registered and logged in to see this link.] to open a new topic. ~DragonMaster Jay

Re: Bankerfox.A and Win32/nuqel.e removal

Post by torcasi25 on 6th March 2010, 5:20 am

OTL by OldTimer - Version 3.1.32.0 Folder = C:\Users\Dan\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 66.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 217.16 Gb Total Space | 145.89 Gb Free Space | 67.18% Space Free | Partition Type: NTFS
Drive D: | 15.72 Gb Total Space | 8.06 Gb Free Space | 51.25% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AR24NC15RH3
Current User Name: Dan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/01 21:35:30 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
PRC - [2010/03/01 20:02:19 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/01/28 19:07:29 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2009/12/24 17:02:32 | 001,280,272 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe
PRC - [2009/12/24 17:02:30 | 000,311,568 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe
PRC - [2009/08/19 10:23:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/19 10:23:22 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2009/04/27 17:09:52 | 000,093,960 | ---- | M] (Sling Media Inc.) -- C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe
PRC - [2009/03/11 11:00:54 | 024,095,528 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
PRC - [2008/08/06 10:21:06 | 000,050,472 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\AIM6\aim6.exe
PRC - [2008/01/12 00:16:38 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2007/10/08 16:50:56 | 000,041,824 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\AIM6\aolsoftware.exe
PRC - [2007/10/03 17:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/03 17:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/09/27 18:27:02 | 004,839,936 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
PRC - [2007/09/13 16:09:44 | 000,638,976 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
PRC - [2007/08/16 19:17:56 | 002,342,912 | ---- | M] (BigFix Inc.) -- C:\Program Files\BigFix\bigfix.exe
PRC - [2007/03/15 18:16:42 | 000,454,784 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files (x86)\Linksys EasyLink Advisor\LinksysAgent.exe
PRC - [2007/01/19 14:54:56 | 005,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\MSN Messenger\msnmsgr.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2010/03/01 21:35:30 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
MOD - [2008/01/20 21:50:03 | 000,450,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2008/01/20 21:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/01/29 23:24:38 | 000,410,624 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV - [2010/03/01 20:02:19 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/12/24 17:02:30 | 000,311,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2009/04/27 17:09:52 | 000,093,960 | ---- | M] (Sling Media Inc.) [Auto | Running] -- C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe -- (SlingAgentService)
SRV - [2008/07/27 13:01:49 | 000,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2007/10/03 17:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/07/27 12:49:46 | 000,119,296 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files (x86)\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2007/01/19 14:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/02 08:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 01:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 01:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/07/09 11:16:16 | 000,048,640 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/07/03 09:49:17 | 000,068,640 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:64bit: - [2009/03/19 15:34:18 | 000,029,544 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/01/25 20:46:52 | 000,150,016 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/01/20 21:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 21:47:27 | 000,214,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008/01/20 21:47:27 | 000,168,704 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo)
DRV:64bit: - [2008/01/20 21:46:57 | 000,286,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2008/01/20 21:46:55 | 000,111,104 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/20 21:46:51 | 000,017,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2008/01/03 22:57:26 | 000,062,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/01/01 19:53:08 | 007,172,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2007/10/31 14:44:38 | 003,197,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys -- (NETw4v64) Intel(R)
DRV:64bit: - [2007/09/30 01:03:32 | 000,384,024 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2007/07/27 12:50:24 | 000,391,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2007/07/26 05:00:00 | 000,053,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/05/23 19:47:28 | 000,020,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV:64bit: - [2007/03/22 12:57:14 | 000,007,680 | --S- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\elauni64.sys -- (elaunidr)
DRV:64bit: - [2007/03/22 12:57:12 | 000,042,496 | --S- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\elagop64.sys -- (elagopro)
DRV:64bit: - [2007/03/20 05:33:28 | 000,016,896 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\libusb0.sys -- (libusb0)
DRV:64bit: - [2007/01/29 23:24:06 | 000,009,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2006/12/21 23:33:28 | 001,511,936 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2006/12/21 23:30:50 | 000,300,032 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2006/12/21 23:29:48 | 000,731,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2006/11/17 17:22:06 | 000,297,272 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2006/11/02 02:48:50 | 002,488,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2006/11/02 00:28:10 | 000,273,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2006/10/06 21:13:22 | 000,550,912 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)
DRV:64bit: - [2006/06/19 01:27:24 | 000,017,024 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - [2010/01/06 13:42:56 | 000,037,376 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\libusb0.dll -- (libusb0)
DRV - [2006/09/18 16:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 16:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2006/06/19 01:26:50 | 000,094,208 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\mdmxsdk.dll -- (mdmxsdk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.theprizeday.com/today.php|http://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official\n"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:7
FF - prefs.js..extensions.enabledItems: {C43B9C30-05A9-4A47-8327-D75EF0D6B28F}:1.9.1


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/02/18 20:11:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/02/18 20:11:41 | 000,000,000 | ---D | M]

[2008/11/15 15:08:48 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Mozilla\Extensions
[2010/03/05 00:12:19 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\ce525ayo.default\extensions
[2009/09/03 23:01:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\ce525ayo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/05 00:12:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/06/23 00:35:04 | 000,001,619 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\FFToolbar.xml

O1 HOSTS File: ([2010/02/22 00:03:28 | 000,000,791 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 mystuff.jawbone.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Gateway\traybar.exe (Chicony)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Aim6] C:\Program Files (x86)\AIM6\aim6.exe (AOL LLC)
O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files (x86)\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKCU..\Run: [Google Update] C:\Users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\MSN Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe (Bodog)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.69.188.185 207.69.188.186 207.69.188.187
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\DfLogon: DllName - Reg Error: Key error. - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O24 - Desktop WallPaper: C:\Users\Dan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 19:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/02 23:27:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/01 21:34:59 | 000,551,424 | ---- | C] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
[2010/02/28 11:04:56 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010/02/28 11:04:56 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010/02/28 11:04:54 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010/02/28 11:04:54 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010/02/28 11:04:53 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010/02/28 11:04:53 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010/02/28 11:04:52 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdrm.dll
[2010/02/28 11:04:52 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010/02/28 11:04:52 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010/02/22 00:03:36 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\JawboneUpdater
[2010/02/22 00:03:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jawbone
[2010/02/19 23:53:53 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\{C43B9C30-05A9-4A47-8327-D75EF0D6B28F}
[2010/02/09 20:06:59 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010/02/09 20:06:58 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvfw32.dll
[2010/02/09 20:06:58 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010/02/09 20:06:58 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010/02/09 20:06:58 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avicap32.dll
[2008/01/20 21:49:14 | 000,152,576 | ---- | C] (Electronic Arts) -- C:\Users\Dan\AppData\Local\ameqeduk.dll
[2008/01/20 21:49:14 | 000,147,456 | ---- | C] (RAD Game Tools, Inc.) -- C:\Users\Dan\AppData\Local\azetokesikomeje.dll

========== Files - Modified Within 30 Days ==========

[2010/03/06 00:14:54 | 001,835,008 | -HS- | M] () -- C:\Users\Dan\NTUSER.DAT
[2010/03/06 00:11:06 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\ErrorFix Startup.job
[2010/03/06 00:11:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4102215084-3056600008-2421345224-1004UA.job
[2010/03/06 00:10:36 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/06 00:10:36 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/06 00:10:35 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/06 00:10:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/06 00:10:25 | 4284,932,096 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/05 07:38:14 | 000,524,288 | -HS- | M] () -- C:\Users\Dan\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/03/05 07:38:14 | 000,065,536 | -HS- | M] () -- C:\Users\Dan\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/03/05 07:38:10 | 001,812,526 | -H-- | M] () -- C:\Users\Dan\AppData\Local\IconCache.db
[2010/03/05 07:17:00 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/03/05 07:17:00 | 000,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/03/05 07:17:00 | 000,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/03/03 00:11:29 | 000,000,732 | ---- | M] () -- C:\Users\Dan\AppData\Local\d3d9caps64.dat
[2010/03/01 21:35:30 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
[2010/03/01 20:02:25 | 000,015,688 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2010/02/28 21:11:24 | 000,008,224 | ---- | M] () -- C:\Users\Dan\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/28 20:47:03 | 000,316,792 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/02/26 20:11:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4102215084-3056600008-2421345224-1004Core.job
[2010/02/22 00:04:22 | 000,000,846 | ---- | M] () -- C:\Users\Dan\Desktop\Jawbone Updater.lnk
[2010/02/10 19:12:10 | 000,000,118 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2010/02/09 00:44:11 | 000,000,874 | ---- | M] () -- C:\Users\Public\Desktop\IObit Security 360.lnk
[2010/02/09 00:28:10 | 000,000,020 | ---- | M] () -- C:\Users\Dan\AppData\Roaming\sgcpom.dat

========== Files Created - No Company Name ==========

[2010/03/05 07:09:10 | 4284,932,096 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/03 00:11:29 | 000,000,732 | ---- | C] () -- C:\Users\Dan\AppData\Local\d3d9caps64.dat
[2010/03/01 19:29:19 | 000,212,864 | ---- | C] () -- C:\Windows\SysNative\MpSigStub.exe
[2010/02/28 11:08:42 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2010/02/28 11:04:57 | 000,594,944 | ---- | C] () -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/02/28 11:04:57 | 000,594,432 | ---- | C] () -- C:\Windows\SysNative\RMActivate.exe
[2010/02/28 11:04:55 | 000,413,696 | ---- | C] () -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/02/28 11:04:55 | 000,409,600 | ---- | C] () -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/02/28 11:04:53 | 000,535,040 | ---- | C] () -- C:\Windows\SysNative\secproc.dll
[2010/02/28 11:04:53 | 000,534,016 | ---- | C] () -- C:\Windows\SysNative\secproc_isv.dll
[2010/02/28 11:04:52 | 000,457,216 | ---- | C] () -- C:\Windows\SysNative\msdrm.dll
[2010/02/28 11:04:52 | 000,159,232 | ---- | C] () -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/02/28 11:04:52 | 000,158,720 | ---- | C] () -- C:\Windows\SysNative\secproc_ssp.dll
[2010/02/22 00:04:22 | 000,000,846 | ---- | C] () -- C:\Users\Dan\Desktop\Jawbone Updater.lnk
[2010/02/10 19:12:10 | 000,000,118 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2010/02/09 20:07:00 | 001,570,816 | ---- | C] () -- C:\Windows\SysNative\quartz.dll
[2010/02/09 20:06:59 | 000,054,272 | ---- | C] () -- C:\Windows\SysNative\iyuv_32.dll
[2010/02/09 20:06:59 | 000,038,400 | ---- | C] () -- C:\Windows\SysNative\msvidc32.dll
[2010/02/09 20:06:59 | 000,025,600 | ---- | C] () -- C:\Windows\SysNative\msyuv.dll
[2010/02/09 20:06:59 | 000,013,824 | ---- | C] () -- C:\Windows\SysNative\tsbyuv.dll
[2010/02/09 20:06:58 | 000,143,360 | ---- | C] () -- C:\Windows\SysNative\msvfw32.dll
[2010/02/09 20:06:58 | 000,108,544 | ---- | C] () -- C:\Windows\SysNative\avifil32.dll
[2010/02/09 20:06:58 | 000,093,184 | ---- | C] () -- C:\Windows\SysNative\mciavi32.dll
[2010/02/09 20:06:58 | 000,076,800 | ---- | C] () -- C:\Windows\SysNative\avicap32.dll
[2010/02/09 20:06:58 | 000,015,872 | ---- | C] () -- C:\Windows\SysNative\msrle32.dll
[2010/02/09 20:06:30 | 000,464,384 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2010/02/09 20:06:30 | 000,141,824 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys
[2010/02/09 20:06:25 | 000,273,408 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2010/02/09 20:06:25 | 000,134,656 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2010/02/09 20:06:22 | 001,418,840 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2010/02/09 20:06:17 | 004,691,032 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2010/02/09 00:28:10 | 000,000,020 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\sgcpom.dat
[2009/10/21 22:08:30 | 000,007,094 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009/08/09 10:05:50 | 000,076,407 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\Smiley.ico
[2009/01/27 19:39:08 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/01/27 19:39:08 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2008/10/16 22:41:37 | 000,026,624 | ---- | C] () -- C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/22 23:14:02 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2008/04/08 20:54:44 | 001,953,696 | ---- | C] () -- C:\Windows\SysWow64\igklg400.dll
[2008/04/08 20:54:44 | 001,533,360 | ---- | C] () -- C:\Windows\SysWow64\igklg450.dll
[2008/04/08 20:54:44 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igmedcompkrn.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 21:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
< End of report >

torcasi25
Novice

Posts : 7
Joined : 2010-03-02
OS : windows vista
Points : 24843
# Likes : 0


Re: Bankerfox.A and Win32/nuqel.e removal

Post by torcasi25 on 6th March 2010, 5:22 am

As of right now everything is back to normal. Very impressed with GeekPolice right now. Thanks dragonmaster.

